1. INTRODUCTION

This Privacy Policy governs the processing of personal data by PAWMATIX DPK ("Company," "We," "Us") regarding its Merchants, Affiliate Partners ("Affiliates"), and Customers. We are committed to protecting your privacy and complying with the General Data Protection Regulation (Regulation (EU) 2016/679 - "GDPR") and applicable Bulgarian legislation.

By registering on our site, you consent that the personal data collected is necessary for the Company to operate and coordinate the PAWMATIX distribution network and carry out its obligations under the Terms and Conditions.

2. DATA WE COLLECT

To manage the ecosystem, process payouts, and maintain legal compliance, we collect the following categories of data:

2.1. Affiliate & Merchant Data

• Identity Data: Full legal name, address, email address, and telephone number.
• Business/Tax Data: Tax identification number (EGN / BULSTAT / VAT number) and business registration documents.
• Financial Data: Bank account details (IBAN, SWIFT/BIC, account holder name) for commission payouts.
• Verification Documents: Valid government-issued ID (Passport/ID Card) required for KYC (Know Your Customer) and Anti-Money Laundering (AML) compliance.

2.2. Service Data

• Merchants: Information regarding business services, pricing, and specific benefits offered to Loyalty Card holders.
• Affiliates: Data regarding your downline organization, sales volume, and commission status.

3. PURPOSE AND LEGAL BASIS FOR PROCESSING

We process your data based on the following legal grounds:

1. Contractual Necessity: To manage the distribution network, track sales, and process commission payouts as defined in the Affiliate Agreement.
2. Legal Obligation: To comply with tax laws, AML regulations, and requirement to verify identities before releasing funds.
3. Legitimate Interest: To maintain the security of the network, prevent fraud, and manage the "Unilevel" and "Influencer" compensation structures.

4. AFFILIATES AS DATA PROCESSORS

This section applies to Affiliates handling the data of Customers or Downline Partners.

4.1. Roles Defined

For the purposes of the GDPR, PAWMATIX is the Data Controller and the Affiliate is the Data Processor regarding any Personal Data collected during business activities. By maintaining a database of contacts or customers, the Affiliate must process personal data in accordance with the GDPR.

4.2. Affiliate Obligations

As an Independent Contractor and Data Processor, you agree to:

• Process on Instructions: Process Personal Data only in accordance with PAWMATIX’s instructions and not for unauthorized purposes.
• Confidentiality: Treat all personal information (e.g., ID numbers, addresses, credit card numbers) of Customers and other Partners as strictly confidential.
• Security: Adopt appropriate administrative, technical, and physical safeguards to protect data against theft or unauthorized access. This includes:
• Encrypting data before transmission.
• Password-protecting computer files.
• Shredding paper files containing confidential information.
• Data Minimization: Retain documents containing personal data only for as long as necessary to complete the transaction.
• Breach Notification: Assist the Controller (PAWMATIX) in ensuring compliance with obligations regarding data breach notifications to regulators and data subjects.

4.3. Prohibited Actions

• You may not use the personal information of other Partners (e.g., from downline reports) for any purpose other than developing your PAWMATIX business.
• You may not disclose downline reports or password access to third parties.

5. DATA RETENTION

• Transaction Records: We retain data necessary for tax and legal compliance. Affiliates must keep copies of Retail Sales Receipts for at least six (6) years.
• Disposal: Upon termination of your Agreement, or when data is no longer needed, you must take reasonable steps to destroy information by shredding, permanently deleting, or making it indecipherable.

6. DATA SECURITY & TRANSFERS

• Protection: We implement technical and organizational measures to ensure a level of security appropriate to the risk.
• Transfers: Data may be transferred to other Partners (e.g., Upline) for network management purposes or processed outside the European Economic Area (EEA) if necessary for operational management, subject to standard protection clauses.

7. YOUR RIGHTS

Under GDPR, you have the right to:

• Access: Request access to the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Withdraw Consent: You may withdraw consent to electronic records or data processing at any time; however, this will result in the termination of the Partner Agreement as we cannot operate your account without processing your data.

8. CONTACT & DISPUTE RESOLUTION

• Contact: For privacy inquiries, please contact our support team via your User Profile.
• Governing Law: This policy is governed by the laws of the Republic of Bulgaria.

Jurisdiction: Any disputes regarding data privacy or these terms shall be resolved by the competent courts of Sofia, Bulgaria.